Nice read that highlights 10 areas of risk that should be in focus for 2008. One that really jumped out, and which we are starting to hear more about here in the IT-GRC space, is awareness and training of employees on security and risk situations.
-snip-
Employee and Customer Awareness

It’s something everyone intends to do – better educate their employees and customers about the security threats that are facing institutions and customers. Now with the ID Theft Red Flags, it’s also been pushed to the top of the compliance list. Institutions by Nov. 1 must have a written program showing how they are educating their employees and customers about identity theft.

American Bankers Association’s Doug Johnson, senior policy advisor for the largest industry association, lists this as one of the top risk management issues for 2008. “Increasing your institution’s security awareness pays off in several ways -- employees learn how to protect the data they’re working with, and their awareness reduces the threat of the insider threat (either malicious or unintentional),” says Johnson. Many times the malicious insider can be stopped, if the people working with them are trained and are aware of the red flags that show the work habits and behaviors of a malicious insider. Do your employees know what to look for, what indicators there are that an insider is doing something on your networks or to your institution’s data?
-snip-
Something new to many that was mentioned here is "ID Red Flags." The federal ID Red Flags rules are supposed to be in place by November 1, 2008 (about 10 months from now). These rules (announced in November) implement sections 114 and 315 of the Fair and Accurate Credit Transactions Act (FACTA) of 2003. Basically, each financial institution’s Identity Theft Prevention Program must include reasonable policies and procedures for detecting, preventing and mitigating identity theft.
Part of this process is prevention, and one of the best ways to prevent something is through education: automated capabilities that require each employee to read and acknowledge what is expected of them in helping prevent identity theft. IT-GRC automation can help here by automating policy dissemination and tracking acceptance by the owners of any company IT resource that may contain consumer identity information (e.g., from server owners, to laptop owners and beyond).